Study: Most Apps Store Some Kind of Non Encrypted Data

A new study from ViaForensics uncovered how most apps on iOS and Android don't properly protect consumer data. Photo: IBTimes

A recent study has highlighted the alarming insecurities of most smartphone apps.

The study, from security firm ViaForensics, tested various apps for both Apple's iOS and Google's Android and found most aren't secure. In fact, a majority of apps store at least some kind of data. The overwhelming majority, 76 percent, store user names.

ViaForensics said it tested 100 popular apps on both platforms. It installed the app on the companies' respective app stores, populated them with the data they were looking to analyze and then analyzed their findings.

The security company either gave the app a pass, fail or warning based on its security. Pass meant the data was secure (encrypted) or not there. Warn meant the data in question is discovered but does not put the user at clear significant risk. Fail meant sensitive data, such as passwords and account numbers, were at risk.

Overall, 44 percent of the apps got a warning while 39 percent failed and only a measly 17 percent passed. As ViaForensics indicates, this showed that in general, most mobile applications presently store sensitive user data unencrypted.

User names, as mentioned, were the most common piece of data available. While some may not consider this sensitive, ViaForensics said most systems only require a user name and a password. With the user name being available, 50 percent of the puzzle is solved.

Incredibly, 10 percent of the apps surveyed and studied by ViaForensics actually stored unencrypted passwords. 31 percent of the apps stored other data, 38 percent got a warning rating and 31 percent didn't store any or it was all encrypted.

ViaForensics tested all types of apps: financial, social networking, productivity and retail. Of these categories, social networking apps fared the worst. ViaForensics tested 19 social networking apps and all but five failed. Of the five that didn't fail, they all were warning. Some of them were very popular social networks as well.

"LinkedIn for Android, Foursquare for Android and Kik for both iPhone and Android, failed our Password test, indicating that the user's password was stored on the device in plain text," ViaForensics said in the report.

Another app that named was in the retail category. The Starbucks app reportedly stores a user's entire 16-digit credit card number.

Overall, ViaForensics said there is a serious threat of identity or financial theft to smartphone users should their phone get lost or stolen. The company said consumers should demand secure apps from their service providers.